Hi usmcscout123,

Did you read this: http://xml.ssdsandbox.net/index.php/2dfe1699bd3fb09b140d5b95d023a275
Malware resides here: hxtp://213.155.31.136/hshhgajjsggsajd/sutra/kzkzhlipgpjvy.jar
Threat: a6a7a760c0e <<< JAVAMesdeh.D malware aka Trojan maljava

A malicious Java file that exploits one or more vulnerabilities. After essexboy’s cleansing routine, you should update all the software on that computer after an online scan here: http://secunia.com/vulnerability_scanning/online/?task=load

But from the connections made, we have to conclude you probably have a SpyEye infection.

When a SpyEye bot running on an infected computer starts up, it immediately sends a message to check in with its Command & Control server. This first message contains some basic information about the bot infector and the computer it is running on. Here is an example, with the parameters highlighted.

http://(server)/gate.php?guid=uname!cname!1A2B3C4D&ver=10260&stat=ONLINE&ie=6.0


Quote source: http://blog.fortinet.com/tag/research/ (article “A Guide to SpyEye C&C Messages” by Doug Macdonald, February 15, 2011)

polonus
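
Added example, not part of the post above or of the quoted Fortinet article: a proxy-log check for requests shaped like the quoted check-in (`gate.php` with `guid`, `ver` and `stat`). The log layout, hostnames and client addresses are constructed, and the guid structure (three `!`-separated fields ending in 8 hex digits) is an assumption inferred from the single example URL in the quote.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Shape of the guid in the quoted example: uname!cname!1A2B3C4D
# Assumption: three '!'-separated fields, the last being 8 hex digits.
GUID_RE = re.compile(r"^[^!]+![^!]+![0-9A-Fa-f]{8}$")
REQUIRED = ("guid", "ver", "stat")  # parameters visible in the quoted URL


def match_checkin(url):
    """Return parsed fields if url looks like the quoted check-in, else None."""
    parts = urlsplit(url)
    # The quote only shows /gate.php; a renamed gate script would not match.
    if not parts.path.lower().endswith("/gate.php"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if any(key not in qs for key in REQUIRED):
        return None
    guid, ver = qs["guid"][0], qs["ver"][0]
    if not GUID_RE.match(guid) or not ver.isdigit():
        return None
    user, computer, ident = guid.split("!")
    return {"server": parts.hostname, "user": user, "computer": computer,
            "id": ident, "ver": ver, "stat": qs["stat"][0]}


def scan(lines):
    """Yield (client_ip, fields) for each log line whose URL matches."""
    for line in lines:
        cols = line.split()
        if len(cols) < 3:
            continue  # skip malformed lines
        client, url = cols[1], cols[2]  # constructed layout: time client url
        hit = match_checkin(url)
        if hit:
            yield client, hit


# Constructed proxy log lines (not real traffic)
SAMPLE_LOG = [
    "2011-02-15T10:00:01 10.0.0.5 http://c2.example.test/gate.php?guid=uname!cname!1A2B3C4D&ver=10260&stat=ONLINE&ie=6.0",
    "2011-02-15T10:00:02 10.0.0.7 http://shop.example.test/gate.php?id=42",
    "2011-02-15T10:00:03 10.0.0.9 http://www.example.test/index.php?guid=a!b!c",
    "2011-02-15T10:00:04 10.0.0.5 http://c2.example.test/x/gate.php?guid=bob!PC01!deadbeef&ver=10299&stat=ONLINE",
]

if __name__ == "__main__":
    for client, hit in scan(SAMPLE_LOG):
        print(client, hit)
```

Requiring all three parameters plus the guid shape keeps an unrelated `gate.php` on a legitimate site (second sample line) from being flagged.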